| Revision Date: | 2021-01-11 | Version: | 1 |
| Title: | Security update for nodejs14 (Moderate) |
| Description: |
This update for nodejs14 fixes the following issues:
- New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)
- New upstream LTS version 14.15.3: * deps: + upgrade npm to 6.14.9 + update acorn to v8.0.4 * http2: check write not scheduled in scope destructor * stream: fix regression on duplex end
- New upstream LTS version 14.15.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1178882
1180553
1180554
CVE-2020-8265
CVE-2020-8277
CVE-2020-8287
SUSE-SU-2021:0061-1
|
| Platform(s): | SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Web Scripting 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND Package Information
nodejs14-14.15.4-5.6.1 is installed
OR nodejs14-devel-14.15.4-5.6.1 is installed
OR nodejs14-docs-14.15.4-5.6.1 is installed
OR npm14-14.15.4-5.6.1 is installed
|